Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

The Virginia Department of Medical Assistance Services (DMAS) administers the Federal & State sponsored health care programs for eligible persons with limited income and resources. These programs include Medicaid, Family Access to Medical Insurance Security (FAMIS), Medical Assistance for Low Income Children (FMIS Plus) and a number of other programs benefiting children, the aged, blind and disabled:

DMAS provided services to over 1,000,000 persons during Fiscal Year 2008.

General population growth, especially the growth of the aging population are key factors affecting our client base.

 The number of Virginians 65 and older will increase 5 times faster than the general population over the next 10 years.

Medicaid is the largest health care system in Virginia and in the U.S. as a whole.

In FY 2007, the Department’s Medicaid Management Information System (MMIS) issued provider reimbursement to 55,000 active providers benefiting an average of 691,000 recipients per month at a total cost of $4.4 billion.

In FY 2008, Medicaid claim payments increased to $5.3 billion.

Medicaid program costs are shared by the state and Federal government-the Federal share is higher in states with lower per capita income.

Eligibility categories – aged blind or disabled, member of a family with children , certain Medicare beneficiaries.

The Program’s Medicaid Management Information System (MMIS) applies almost 1,000 separate edits to every claim prior to payment.

Since 1985, at its inception, DMAS Internal Audit has used a variety of tools, many internally developed, to concurrently audit claims and the Department’s 143 other business processes for irregularities and suspected fraud.

--The Internal Control Evaluation System (ICE), an Access data base application listing internal controls and related management objectives for all 144 DMAS business processes. ICE contains a full risk assessment and scoring module, work paper templates and audit control reports.

--It also tracks and reports on the status of all audit findings of Internal Audit, the Auditor of Public Accounts (APA) and the Centers for Medicaid and Medicare Services (CMS)….

--The Business Process Performance Review System (BPPRS, contains in excess of 200 concurrent tests of all aspects of the internal control of Virginia Medicaid.

--Each audit year, Internal Audit includes tests from the BPPRS in its Annual Audit Plan based on the outcome of its Annual Risk Assessment which calculates a test frequency score for each test and related business process

--Most BPPRS tests, are conducted using SAS and ACL routines complemented by use of the Microsoft Office components Excel and Access.

--Staff members specialize in areas of the Program and are assigned a series of tests each audit year which they are expected to independently conduct supported by our full time Systems Analyst whose job it is to support them and maintain the data base.

The Problem:--DMAS Operating Divisions were requesting the ability to run copies of IA concurrent tests to improve their own operations, specifically to identify aberrant medical providers and other problem Program suppliers. This was especially true of the DMAS Fiscal and Program Integrity (fraud investigation) Divisions.

-- Although very powerful, SAS routines can be difficult to bundle into testing suites.

--To effectively run SAS, a certain degree of expertise is required which is not typically available within DMAS operating divisions.--DMAS IA employees only a single systems analyst so we lack the staff to support our operating divisions in their use of SAS and concurrent tests.--The Solution was to purchase and install server based ACL.

As a result transportation providers were erroneously overpaid $10,000,000.

From claim payment patterns it was apparent that certain providerswere gaming us. We referred these providers to the DMAS Program Integrity Division for further analysis and possible criminal referral.

In the past, it could take weeks just to assemble the proper documentation & data to start an audit.With continuous auditing, DMAS can assemble multiple individual tests of a single business process or a group of processes and perform them as a single testing suite. The suite can be performed at any time, at the drop of a hat.

Internal Auditors Provide a Value Added Service The rapidity and range of the tests we can perform allowed us to identify over $7 million dollars in recoverable Medicaid and Medicare claims in 2008. Our total budget for the Internal Audit function is less than $400,000; a value added return of 17.5 times cost.We have experienced a like level of return for the past 15 years.

Increased Transparency with Auditees The auditees become accustomed to receiving frequent, short form reports on the high risk controls associated with their business processes. This increases IA visibility and relevance while removing much of the mystery surrounding the traditional audit process. Findings follow up is streamlined and enhanced.

Enhanced Communication with External Auditors We have shared our approach and data with the staff of the Auditor of Public Accounts. The APA can review our test library and test results and gauge their level of reliance assuring less duplication of effort.DMAS IA can perform rapid, customized data extractions for the APA in support of the annual audit.

Improved Utilization of Specialized Audit Skills Our test library includes ACL and SAS code which can be executed by any auditor. This frees up staff with special expertise to design new tests and consult with management and auditees on more complicated control situations and emerging issues.This saves time and money and ultimately results in a higher quality work life for the audit staff.

Key Controls are Rationalized With the frequent testing of key controls, it has been possible to identify those which are truly vital to our critical business processes and de-emphasize those which are not.This has allowed for the identification of controls which are no longer relevant or which over.